Software side channel attacks use meta information available in various system components to deduce what another process is computing. Attacks in this space have been used to find encryption keys and user passwords. Software side channel attacks may be based on inter-process leakage through the state of a CPU's memory cache. The leakage may reveal memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks may allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as virtual memory protection, sandboxing, and virtualization.
One known type of software side channel attack program displaces all the data in an un-partitioned cache by writing to every location in the cache. After a context switch, a program using sensitive data, such as cryptographic keys, may displace certain lines in the cache depending on the value of the key being used in the program. After another context switch, the software side channel attack program may identify which of the lines in the cache have been displaced and determine the value of the sensitive data.
One approach used to prevent software side channel attacks required implementing a separate cache system for each logical processor. This required additional silicon area which was costly. Other approaches used to prevent software side channel attacks involved having the cache flushed after context switches and having the cache turned off. These approaches negatively impacted performance of applications which was undesirable.